Remove trojan virus!!!
mike
ep44 Posts 7432 Status Contributor
Hello, I have a TROJAN virus called win 32 bho kd(trj) [upx] in c:windoows\systeme32\dinpul.dll.
My avast antivirus won't quarantine it or delete it? Does anyone have a solution to help me get rid of this trojan?
7 replies
Hello
Download to the desktop
ftp://ftp.commentcamarche.com/download/HJTInstall.exe
=> Double-click it
=> install
=> Click Do a system scan and save the log
=> paste the report
if you have trouble, see the help
http://perso.orange.fr/rginformatique/section%20virus/demohijack.htm
thanks for your help ep44, here is the HijackThis report
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:53, on 2008-01-02
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\Fichiers communs\ReparateurDeSysteme\strpmon.exe
C:\Program Files\Fichiers communs\DefenseNetSurfage\mc.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\Web Accelerator\GoogleWebAccWarden.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Google\Web Accelerator\googlewebaccclient.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://localhost:9100/proxy.pac
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: &Google Web Accelerator Helper - {69A87B7D-DE56-4136-9655-716BA50C19C7} - C:\Program Files\Google\Web Accelerator\GoogleWebAccToolbar.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {8C62C5E2-CFBF-4E9E-8ECF-FDFA81B9A927} - C:\WINDOWS\system32\dinpu.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: dcads - {F173E53F-E042-49b6-BD46-983E93DA1B17} - C:\WINDOWS\system32\nse376.dll (file missing)
O3 - Toolbar: Dcads Toolbar - {41C29B07-6F91-4966-91BE-2E2841643C83} - C:\Program Files\Dcads Advanced Toolbar\toolbar.dll
O3 - Toolbar: Google Web Accelerator - {DB87BFA2-A2E3-451E-8E5A-C89982D87CBF} - C:\Program Files\Google\Web Accelerator\GoogleWebAccToolbar.dll
O3 - Toolbar: (no name) - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - (no file)
O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [Salestart] "C:\Program Files\Fichiers communs\ReparateurDeSysteme\strpmon.exe" dm=http://reparateurdesysteme.com; ad=http://reparateurdesysteme.com
O4 - HKLM\..\Run: [Salestart(1)] "C:\Program Files\Fichiers communs\DefenseNetSurfage\mc.exe" dm=http://defensenetsurfage.com ad=http://defensenetsurfage.com sd=http://paylogs.defensenetsurfage.com
O4 - HKLM\..\Run: [BitDefender Antiphishing Helper] "C:\Program Files\BitDefender\BitDefender 2008\IEShow.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Run Google Web Accelerator.lnk = C:\Program Files\Google\Web Accelerator\GoogleWebAccWarden.exe
O9 - Extra button: (no name) - {9819CC0E-9669-4D01-9CD7-2C66DA43AC6C} - (no file)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
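The log above is what the helpers in this thread read by eye. As an added example (not part of this thread, and not HijackThis or ComboFix code), here is a small Python triage script that applies the same rules to HijackThis v2 lines: O2/O3/O9 COM hooks whose file is gone or that have no name and load straight from system32, O4 autoruns whose command line carries URLs like the two Salestart entries, an R1 AutoConfigURL proxy script, and O23 services with an unknown owner. The sample log embedded in the script is a constructed subset of the lines posted above. `cfscript_for_bhos` then emits a `registry::` block in the form the later reply uses, but with the full Browser Helper Objects key path rather than ComboFix's `~` shorthand. A hit is a prompt to inspect the file (publisher, signature, creation date), not a verdict: the localhost:9100 PAC is consistent with the Google Web Accelerator that is also running on this machine, and the ATI service is a vendor driver helper.

```python
"""Triage of a HijackThis v2 log (added example; not HijackThis/ComboFix code).

Rules, mirroring what the helpers in the thread look for:
  * O2/O3/O9 COM entries whose file is "(no file)" / "(file missing)":
    orphaned registrations, safe to delete the key.
  * O2/O3/O9 entries with "(no name)" loading straight from system32:
    the pattern of a dropped BHO such as dinpu.dll in the thread.
  * O4 Run entries whose command line embeds URLs (the Salestart loaders).
  * R1 AutoConfigURL: a proxy auto-config script is in force.
  * O23 services with "Unknown owner".
Every hit is a prompt to inspect the file, not a verdict.
"""
import re
from dataclasses import dataclass

# Constructed subset of the log posted in the thread.
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://localhost:9100/proxy.pac
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {8C62C5E2-CFBF-4E9E-8ECF-FDFA81B9A927} - C:\WINDOWS\system32\dinpu.dll
O2 - BHO: dcads - {F173E53F-E042-49b6-BD46-983E93DA1B17} - C:\WINDOWS\system32\nse376.dll (file missing)
O3 - Toolbar: (no name) - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - (no file)
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Salestart] "C:\Program Files\Fichiers communs\ReparateurDeSysteme\strpmon.exe" dm=http://reparateurdesysteme.com; ad=http://reparateurdesysteme.com
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
"""

# Full key that ComboFix abbreviates as HKEY_LOCAL_MACHINE\~\Browser Helper Objects.
BHO_KEY = r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects"

COM_ENTRY = re.compile(
    r"^(?P<sec>O[239]) - (?P<kind>[^:]+): (?P<name>.*?) - "
    r"(?P<clsid>\{[0-9A-Fa-f-]{36}\}) - (?P<path>.*)$")
RUN_ENTRY = re.compile(r"^O4 - (?P<hive>\S+?)\\\.\.\\Run: \[(?P<key>[^\]]+)\] (?P<cmd>.*)$")
IE_SETTING = re.compile(r"^(?P<sec>R[013]) - (?P<key>[^,]+),(?P<value>\w+) = (?P<data>.*)$")
SERVICE = re.compile(r"^O23 - Service: (?P<rest>.*)$")
HAS_URL = re.compile(r"https?://", re.IGNORECASE)
IN_SYSTEM32 = re.compile(r"^[A-Za-z]:\\WINDOWS\\system32\\[^\\]+$", re.IGNORECASE)


@dataclass(frozen=True)
class Finding:
    section: str   # HijackThis section tag: O2, O3, O4, R1, O23 ...
    reason: str
    line: str
    clsid: str = ""   # set for COM entries so a fix script can be built


def triage(log_text: str) -> list[Finding]:
    """Return the flagged lines of a HijackThis log, in log order."""
    findings: list[Finding] = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if m := COM_ENTRY.match(line):
            name, path, clsid = m["name"], m["path"], m["clsid"]
            if path == "(no file)" or path.endswith("(file missing)"):
                findings.append(Finding(m["sec"], "COM object registered but file gone (orphaned hook)", line, clsid))
            elif name == "(no name)" and IN_SYSTEM32.match(path):
                findings.append(Finding(m["sec"], "unnamed COM object loaded straight from system32", line, clsid))
        elif (m := RUN_ENTRY.match(line)) and HAS_URL.search(m["cmd"]):
            findings.append(Finding("O4", "autorun whose command line carries URLs (pay-per-install loader)", line))
        elif (m := IE_SETTING.match(line)) and m["value"] == "AutoConfigURL":
            findings.append(Finding(m["sec"], f"proxy auto-config script in force: {m['data']}", line))
        elif m := SERVICE.match(line):
            # "display name - owner - path"; the owner is the middle field.
            parts = m["rest"].rsplit(" - ", 2)
            if len(parts) == 3 and parts[1] == "Unknown owner":
                findings.append(Finding("O23", "service without a known publisher; check the binary's signature", line))
    return findings


def cfscript_for_bhos(findings: list[Finding]) -> str:
    """Build the registry:: block of a ComboFix CFScript that deletes the
    HKLM BHO registration of every flagged O2 entry (full key path, not
    ComboFix's '~' shorthand). A leading '-' on a key means 'delete it'."""
    keys = [f"[-{BHO_KEY}\\{f.clsid}]" for f in findings if f.section == "O2" and f.clsid]
    return "registry::\n" + "\n".join(keys) + "\n"


if __name__ == "__main__":
    hits = triage(SAMPLE_LOG)
    for f in hits:
        print(f"{f.section:<4} {f.reason}\n     {f.line}")
    print(cfscript_for_bhos(hits))
```

Run it on a full log by replacing `SAMPLE_LOG` with the file contents; the O2 hits are exactly the two keys the later reply removes, plus the orphaned `{7E853D72-...}` entry that the script would also clear.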
Download ComboFix by sUBs: http://download.bleepingcomputer.com/sUBs/ComboFix.exe
and save it to your desktop and nowhere else!
Double-click ComboFix,
Wait until ComboFix has finished; a report will be created. Post the report.
See you later
ComboFix 08-01-03.3 - mickael morin 2008-01-02 22:10:26.1 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.61 [GMT 1:00]
Running from: C:\Documents and Settings\mickael morin\Bureau\ComboFix.exe
* Created a new restore point
.
(((((((((((((((((((((((((((((((((((( Other deletions ))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Documents and Settings\All Users\Application Data.\salesmonitor
C:\WINDOWS\pack.epk
.
((((((((((((((((((((((((((((( Files created 2007-12-03 to 2008-01-03 ))))))))))))))))))))))))))))))))))))
.
2008-01-01 21:44 . 2007-12-04 14:04 837,496 --a------ C:\WINDOWS\system32\aswBoot.exe
2008-01-01 21:44 . 2004-01-09 10:13 380,928 --a------ C:\WINDOWS\system32\actskin4.ocx
2008-01-01 21:44 . 2007-12-04 13:54 95,608 --a------ C:\WINDOWS\system32\AvastSS.scr
2008-01-01 21:44 . 2007-12-04 15:55 94,544 --a------ C:\WINDOWS\system32\drivers\aswmon2.sys
2008-01-01 21:44 . 2007-12-04 15:56 93,264 --a------ C:\WINDOWS\system32\drivers\aswmon.sys
2008-01-01 21:44 . 2007-12-04 15:51 42,912 --a------ C:\WINDOWS\system32\drivers\aswTdi.sys
2008-01-01 21:44 . 2007-12-04 15:49 26,624 --a------ C:\WINDOWS\system32\drivers\aavmker4.sys
2008-01-01 21:44 . 2007-12-04 15:53 23,152 --a------ C:\WINDOWS\system32\drivers\aswRdr.sys
2008-01-01 21:13 . 2008-01-01 21:13 <REP> d-------- C:\Program Files\Yahoo!
2008-01-01 21:11 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\NirCmd.exe
2007-12-28 22:29 . 2007-12-28 22:29 <REP> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2007-12-28 17:32 . 2007-12-28 17:32 <REP> dr------- C:\Documents and Settings\LocalService\Favoris
2007-12-28 17:18 . 2005-09-23 08:29 626,688 --a------ C:\WINDOWS\system32\msvcr80.dll
2007-12-28 16:32 . 2007-12-28 16:32 <REP> d-------- C:\VundoFix Backups
2007-12-28 16:04 . 2007-12-28 16:07 <REP> d-------- C:\WINDOWS\SxsCaPendDel
2007-12-28 15:09 . 2007-12-28 15:09 <REP> d-------- C:\Program Files\DivX
2007-12-28 11:42 . 2007-12-28 11:42 <REP> d-------- C:\Program Files\Trend Micro
2007-12-16 19:10 . 2007-12-16 19:10 <REP> d-------- C:\WINDOWS\system32\PC Booster 5
2007-12-16 12:16 . 2007-12-16 12:16 <REP> d-------- C:\Documents and Settings\mickael morin\Application Data\Internet Download Accelerator
2007-12-16 12:15 . 2007-12-16 17:04 <REP> d-------- C:\Program Files\IDA
2007-12-16 11:38 . 2007-12-16 11:38 <REP> d-------- C:\WINDOWS\Sun
2007-12-08 23:56 . 2007-12-09 00:04 <REP> d-------- C:\tmpDownload
2007-12-08 23:56 . 2007-12-09 00:07 <REP> d-------- C:\Program Files\YoutubeGet
2007-12-08 23:56 . 2007-12-09 00:03 5 --a------ C:\WINDOWS\youtubex.dll
2007-12-06 22:44 . 2007-12-06 22:57 <REP> d-------- C:\Documents and Settings\mickael morin\Application Data\SecondLife
2007-12-03 12:32 . 2007-12-03 12:32 <REP> d-------- C:\WINDOWS\system32\Viewers
2007-12-03 12:31 . 2007-12-03 12:32 <REP> d-------- C:\Program Files\MSWorks
.
(((((((((((((((((((((((((((((((((( Find3M report ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-01 17:04 --------- d-----w C:\Documents and Settings\mickael morin\Application Data\LimeWire
2008-01-01 08:02 --------- d-----w C:\Program Files\Google
2007-12-18 15:19 80,097 ----a-w C:\WINDOWS\system32\dcads-remove.exe
2007-12-16 18:19 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-12-16 18:19 --------- d-----w C:\Program Files\Fichiers communs\InstallShield
2007-12-09 20:31 19,456 ----a-w C:\WINDOWS\system32\drivers\jnhliqdo.dat
2007-12-08 21:56 --------- d-----w C:\Program Files\eMule
2007-12-01 22:17 --------- d-----w C:\Documents and Settings\mickael morin\Application Data\DefenseNetSurfage
2007-12-01 22:00 --------- d-----w C:\Documents and Settings\All Users\Application Data\DefenseNetSurfage
2007-11-30 21:54 --------- d-----w C:\Program Files\Morpheus
2007-11-30 05:24 --------- d-----w C:\Program Files\Fichiers communs\DefenseNetSurfage
2007-11-29 22:30 200,704 ----a-w C:\WINDOWS\system32\ssldivx.dll
2007-11-29 22:30 1,044,480 ----a-w C:\WINDOWS\system32\libdivx.dll
2007-11-25 05:43 --------- d-----w C:\Program Files\RegistrySmart
2007-11-25 05:19 --------- d-----w C:\Documents and Settings\mickael morin\Application Data\RegistrySmart
2007-11-24 17:27 --------- d-----w C:\Documents and Settings\mickael morin\Application Data\MSN6
2007-11-24 16:52 --------- d-----w C:\Program Files\ReparateurDeSysteme
2007-11-24 15:15 --------- d-----w C:\Program Files\Fichiers communs\ReparateurDeSysteme
2007-11-24 15:15 --------- d-----r C:\Documents and Settings\All Users\Application Data\reparateurdesysteme
2007-11-23 09:56 40,731 ----a-w C:\WINDOWS\system32\superiorads-uninst.exe
2007-11-23 09:55 --------- d-----w C:\Documents and Settings\mickael morin\Application Data\Dcads Advanced Toolbar
2007-11-23 09:35 --------- d-----w C:\Program Files\Dcads Advanced Toolbar
2007-11-22 11:57 --------- d-----w C:\Program Files\Fichiers communs\Adobe
2007-11-21 21:00 --------- d-----w C:\Program Files\Alwil Software
2007-11-17 17:03 --------- d-----w C:\Documents and Settings\mickael morin\Application Data\TeamViewer
2007-11-17 13:49 --------- d-----w C:\Program Files\MorpheusBar
2007-11-17 13:30 --------- d-----w C:\Program Files\LimeWire
2007-11-17 13:30 --------- d-----w C:\Program Files\Java
2007-11-17 13:29 --------- d-----w C:\Program Files\Fichiers communs\Java
2007-11-17 12:57 --------- d-----w C:\Program Files\MSN Messenger
2007-11-17 12:54 --------- d-----w C:\Program Files\VideoLAN
2007-11-17 12:54 --------- d-----w C:\Documents and Settings\mickael morin\Application Data\vlc
2007-11-17 12:51 --------- d-----w C:\Documents and Settings\All Users\Application Data\MSN6
2007-11-13 10:25 20,480 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys
2007-10-29 22:43 1,293,824 ----a-w C:\WINDOWS\system32\quartz.dll
2007-10-25 09:00 230,912 ----a-w C:\WINDOWS\system32\wmasf.dll
2007-10-17 17:23 10,752 ----a-w C:\WINDOWS\system32\WhoisCL.exe
.
((((((((((((((((((((((((((((((((( Registry load points )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* empty entries & legitimate default entries are not listed
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{8C62C5E2-CFBF-4E9E-8ECF-FDFA81B9A927}]
2004-08-19 15:09 93952 --a------ C:\WINDOWS\system32\dinpu.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F173E53F-E042-49b6-BD46-983E93DA1B17}]
C:\WINDOWS\system32\nse376.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{41C29B07-6F91-4966-91BE-2E2841643C83}
{DB87BFA2-A2E3-451E-8E5A-C89982D87CBF}
{381FFDE8-2394-4F90-B10D-FC6124A40F8C}
{EF99BD32-C1FB-11D2-892F-0090271D4F88}
[HKEY_CLASSES_ROOT\clsid\{41c29b07-6f91-4966-91be-2e2841643c83}]
[HKEY_CLASSES_ROOT\CoolToolBar.IEBarLogic.1]
[HKEY_CLASSES_ROOT\TypeLib\{6B4FA1DD-A353-49F8-A650-79C21D6B4824}]
[HKEY_CLASSES_ROOT\CoolToolBar.IEBarLogic]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-19 15:09 15360]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Smapp"="C:\Program Files\Analog Devices\SoundMAX\SMTray.exe" [2003-01-31 15:49 98304]
"ATIModeChange"="Ati2mdxx.exe" [2001-09-04 15:24 28672 C:\WINDOWS\system32\Ati2mdxx.exe]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2003-01-24 20:00 315392]
"AGRSMMSG"="AGRSMMSG.exe" [2003-02-14 10:59 88107 C:\WINDOWS\AGRSMMSG.exe]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 04:00 132496]
"Salestart"="C:\Program Files\Fichiers communs\ReparateurDeSysteme\strpmon.exe" [2007-11-12 19:44 424960]
"Salestart(1)"="C:\Program Files\Fichiers communs\DefenseNetSurfage\mc.exe" [2007-11-07 18:12 429056]
"BitDefender Antiphishing Helper"="C:\Program Files\BitDefender\BitDefender 2008\IEShow.exe" [ ]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 14:00 79224]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-19 15:09 15360]
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\
Run Google Web Accelerator.lnk - C:\Program Files\Google\Web Accelerator\GoogleWebAccWarden.exe [2007-07-09 22:24:38]
R0 udzdqlog;udzdqlog;C:\WINDOWS\system32\drivers\jnhliqdo.dat []
R1 MFKGTKEY;MFKGTKEY;C:\WINDOWS\system32\drivers\mfkgtkey.sys [2003-03-26 13:29]
S3 ALiIRDA;Pilote de périphérique infrarouge ALi;C:\WINDOWS\system32\DRIVERS\alifir.sys [2001-08-17 21:49]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bdx REG_MULTI_SZ scan
*Newly Created Service* - PROCEXP90
.
Contents of the 'Scheduled Tasks/Tâches planifiées' folder
"2007-11-25 05:19:31 C:\WINDOWS\Tasks\RegistrySmart Scheduled Scan.job"
- C:\Program Files\RegistrySmart\RegistrySmart.exe
- C:\Program Files\RegistrySmart
.
**************************************************************************
catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-03 22:15:04
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2008-01-03 22:16:57
ComboFix-quarantined-files.txt 2008-01-03 21:16:24
.
2007-12-21 16:34:34 --- E O F ---
selectionne ceci
registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{8C62C5E2-CFBF-4E9E-8ECF-FDFA81B9A927}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F173E53F-E042-49b6-BD46-983E93DA1B17}]
=> Copy the selected text (CTRL+C).
=> Open Notepad (Programs > Accessories > Notepad).
=> Paste the copied text into Notepad (CTRL+V).
=> Save this file under the name CFScript.txt
=> Drag and drop this CFScript file onto the ComboFix.exe file
=> A blue window will appear: at the prompt (Type 1 to continue, or 2 to abort), type 1 and confirm.
=> Wait for the scan to finish. The desktop will disappear several times: that's normal!
Don't touch anything until the scan has finished.
=> Once the scan is complete, a report will open: post its contents.
=> If the file doesn't open, it is located here > C:\ComboFix.txt
Then run an online antivirus scan with Internet Explorer
https://www.bitdefender.fr/
=> At the bottom left of the window, click on BitDefender SCAN ONLINE
=> In the new window, click on I agree
=> The window changes again; click on Click here to scan
=> The signatures load, etc.
=> copy and paste the result here
illustrated tutorial
http://pageperso.aol.fr/rginformatique/mapage/defender.htm
and
post a new HijackThis report
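As an added example (not code from the thread, from ComboFix or from the helper), the PowerShell script below lists the Browser Helper Objects a host has registered, resolves each CLSID to the DLL Internet Explorer loads for it, and checks whether that file exists and carries a valid Authenticode signature. That is the kind of check behind deciding that the two BHO keys in the CFScript above are unwanted; the registry paths, the Wow6432Node handling and the flagging heuristics are assumptions of this example, not taken from the page.

```powershell
# Added example, not part of the thread: inventory the Browser Helper Objects (BHOs)
# registered on a Windows host. The keys removed by the CFScript live under
# HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects
# (ComboFix abbreviates that path as "HKEY_LOCAL_MACHINE\~"). Each BHO is a CLSID; the
# DLL loaded for it is the default value of HKCR\CLSID\{clsid}\InprocServer32.
# Uses only built-in cmdlets (PowerShell 2.0 or later). Paths and heuristics are assumptions.

$BhoKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects',
    'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects'
)
$ClsidRoots = @(
    'HKLM:\SOFTWARE\Classes\CLSID',
    'HKLM:\SOFTWARE\Classes\Wow6432Node\CLSID'
)

function Resolve-BhoDll {
    # Map a BHO CLSID to the DLL path registered as its in-process server, or $null.
    param([string]$Clsid)
    foreach ($root in $ClsidRoots) {
        $srv = Join-Path $root "$Clsid\InprocServer32"
        if (Test-Path -LiteralPath $srv) {
            $raw = (Get-ItemProperty -LiteralPath $srv).'(default)'
            if ($raw) { return [Environment]::ExpandEnvironmentVariables($raw.Trim('"')) }
        }
    }
    return $null
}

function Get-BhoInventory {
    # One record per registered BHO, with the facts a responder wants before deciding
    # whether an entry belongs to an installed product or should be removed.
    $records = @()
    foreach ($key in $BhoKeys) {
        if (-not (Test-Path -LiteralPath $key)) { continue }
        foreach ($sub in Get-ChildItem -LiteralPath $key) {
            $clsid = $sub.PSChildName
            $dll = Resolve-BhoDll -Clsid $clsid
            $exists = $false; $sigStatus = 'n/a'; $signer = ''
            if ($dll -and (Test-Path -LiteralPath $dll)) {
                $exists = $true
                $sig = Get-AuthenticodeSignature -FilePath $dll
                $sigStatus = $sig.Status.ToString()
                if ($sig.SignerCertificate) { $signer = $sig.SignerCertificate.Subject }
            }
            # Heuristics, not verdicts: an unsigned DLL sitting directly in system32
            # (as dinpu.dll and nse376.dll did in the log above) deserves a closer look.
            $flags = @()
            if (-not $dll) { $flags += 'no-inprocserver' }
            elseif (-not $exists) { $flags += 'file-missing' }
            elseif ($sigStatus -ne 'Valid') { $flags += 'unsigned' }
            if ($dll -and $dll -match '\\system32\\[^\\]+\.dll$') { $flags += 'in-system32' }

            $records += New-Object PSObject -Property @{
                Clsid     = $clsid
                Dll       = $dll
                Exists    = $exists
                Signature = $sigStatus
                Signer    = $signer
                Flags     = ($flags -join ',')
                Key       = $sub.Name
            }
        }
    }
    return $records
}

# Flagged entries first, so the ones worth investigating are at the top of the table.
Get-BhoInventory | Sort-Object Flags -Descending | Format-Table Clsid, Dll, Signature, Flags -AutoSize
```

Run it from an elevated PowerShell prompt; a flagged entry is a lead to investigate (check the vendor, the file's origin and its creation time), not by itself a reason to delete the key.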
Here is the new report. Thanks again.
ComboFix 08-01-03.3 - mickael morin 2008-01-03 23:25:01.5 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.50 [GMT 1:00]
Running from: C:\Documents and Settings\mickael morin\Bureau\ComboFix.exe
Command switches used :: C:\Program Files\Trend Micro\HijackThis\CFScript.text
* Created a new restore point
.
((((((((((((((((((((((((((((( Fichiers créés 2007-12-03 to 2008-01-03 ))))))))))))))))))))))))))))))))))))
.
2008-01-01 21:44 . 2007-12-04 14:04 837,496 --a------ C:\WINDOWS\system32\aswBoot.exe
2008-01-01 21:44 . 2004-01-09 10:13 380,928 --a------ C:\WINDOWS\system32\actskin4.ocx
2008-01-01 21:44 . 2007-12-04 13:54 95,608 --a------ C:\WINDOWS\system32\AvastSS.scr
2008-01-01 21:44 . 2007-12-04 15:55 94,544 --a------ C:\WINDOWS\system32\drivers\aswmon2.sys
2008-01-01 21:44 . 2007-12-04 15:56 93,264 --a------ C:\WINDOWS\system32\drivers\aswmon.sys
2008-01-01 21:44 . 2007-12-04 15:51 42,912 --a------ C:\WINDOWS\system32\drivers\aswTdi.sys
2008-01-01 21:44 . 2007-12-04 15:49 26,624 --a------ C:\WINDOWS\system32\drivers\aavmker4.sys
2008-01-01 21:44 . 2007-12-04 15:53 23,152 --a------ C:\WINDOWS\system32\drivers\aswRdr.sys
2008-01-01 21:13 . 2008-01-01 21:13 <REP> d-------- C:\Program Files\Yahoo!
2008-01-01 21:11 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\NirCmd.exe
2007-12-28 22:29 . 2007-12-28 22:29 <REP> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2007-12-28 17:32 . 2007-12-28 17:32 <REP> dr------- C:\Documents and Settings\LocalService\Favoris
2007-12-28 17:18 . 2005-09-23 08:29 626,688 --a------ C:\WINDOWS\system32\msvcr80.dll
2007-12-28 16:32 . 2007-12-28 16:32 <REP> d-------- C:\VundoFix Backups
2007-12-28 16:04 . 2007-12-28 16:07 <REP> d-------- C:\WINDOWS\SxsCaPendDel
2007-12-28 15:09 . 2007-12-28 15:09 <REP> d-------- C:\Program Files\DivX
2007-12-28 11:42 . 2007-12-28 11:42 <REP> d-------- C:\Program Files\Trend Micro
2007-12-16 19:10 . 2007-12-16 19:10 <REP> d-------- C:\WINDOWS\system32\PC Booster 5
2007-12-16 12:16 . 2007-12-16 12:16 <REP> d-------- C:\Documents and Settings\mickael morin\Application Data\Internet Download Accelerator
2007-12-16 12:15 . 2007-12-16 17:04 <REP> d-------- C:\Program Files\IDA
2007-12-16 11:38 . 2007-12-16 11:38 <REP> d-------- C:\WINDOWS\Sun
2007-12-08 23:56 . 2007-12-09 00:04 <REP> d-------- C:\tmpDownload
2007-12-08 23:56 . 2007-12-09 00:07 <REP> d-------- C:\Program Files\YoutubeGet
2007-12-08 23:56 . 2007-12-09 00:03 5 --a------ C:\WINDOWS\youtubex.dll
2007-12-06 22:44 . 2007-12-06 22:57 <REP> d-------- C:\Documents and Settings\mickael morin\Application Data\SecondLife
2007-12-03 12:32 . 2007-12-03 12:32 <REP> d-------- C:\WINDOWS\system32\Viewers
2007-12-03 12:31 . 2007-12-03 12:32 <REP> d-------- C:\Program Files\MSWorks
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-01 17:04 --------- d-----w C:\Documents and Settings\mickael morin\Application Data\LimeWire
2008-01-01 08:02 --------- d-----w C:\Program Files\Google
2007-12-18 15:19 80,097 ----a-w C:\WINDOWS\system32\dcads-remove.exe
2007-12-16 18:19 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-12-16 18:19 --------- d-----w C:\Program Files\Fichiers communs\InstallShield
2007-12-09 20:31 19,456 ----a-w C:\WINDOWS\system32\drivers\jnhliqdo.dat
2007-12-08 21:56 --------- d-----w C:\Program Files\eMule
2007-12-01 22:17 --------- d-----w C:\Documents and Settings\mickael morin\Application Data\DefenseNetSurfage
2007-12-01 22:00 --------- d-----w C:\Documents and Settings\All Users\Application Data\DefenseNetSurfage
2007-11-30 21:54 --------- d-----w C:\Program Files\Morpheus
2007-11-30 05:24 --------- d-----w C:\Program Files\Fichiers communs\DefenseNetSurfage
2007-11-29 22:30 200,704 ----a-w C:\WINDOWS\system32\ssldivx.dll
2007-11-29 22:30 1,044,480 ----a-w C:\WINDOWS\system32\libdivx.dll
2007-11-25 05:43 --------- d-----w C:\Program Files\RegistrySmart
2007-11-25 05:19 --------- d-----w C:\Documents and Settings\mickael morin\Application Data\RegistrySmart
2007-11-24 17:27 --------- d-----w C:\Documents and Settings\mickael morin\Application Data\MSN6
2007-11-24 16:52 --------- d-----w C:\Program Files\ReparateurDeSysteme
2007-11-24 15:15 --------- d-----w C:\Program Files\Fichiers communs\ReparateurDeSysteme
2007-11-24 15:15 --------- d-----r C:\Documents and Settings\All Users\Application Data\reparateurdesysteme
2007-11-23 09:56 40,731 ----a-w C:\WINDOWS\system32\superiorads-uninst.exe
2007-11-23 09:55 --------- d-----w C:\Documents and Settings\mickael morin\Application Data\Dcads Advanced Toolbar
2007-11-23 09:35 --------- d-----w C:\Program Files\Dcads Advanced Toolbar
2007-11-22 11:57 --------- d-----w C:\Program Files\Fichiers communs\Adobe
2007-11-21 21:00 --------- d-----w C:\Program Files\Alwil Software
2007-11-17 17:03 --------- d-----w C:\Documents and Settings\mickael morin\Application Data\TeamViewer
2007-11-17 13:49 --------- d-----w C:\Program Files\MorpheusBar
2007-11-17 13:30 --------- d-----w C:\Program Files\LimeWire
2007-11-17 13:30 --------- d-----w C:\Program Files\Java
2007-11-17 13:29 --------- d-----w C:\Program Files\Fichiers communs\Java
2007-11-17 12:57 --------- d-----w C:\Program Files\MSN Messenger
2007-11-17 12:54 --------- d-----w C:\Program Files\VideoLAN
2007-11-17 12:54 --------- d-----w C:\Documents and Settings\mickael morin\Application Data\vlc
2007-11-17 12:51 --------- d-----w C:\Documents and Settings\All Users\Application Data\MSN6
2007-11-13 10:25 20,480 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys
2007-10-29 22:43 1,293,824 ----a-w C:\WINDOWS\system32\quartz.dll
2007-10-25 09:00 230,912 ----a-w C:\WINDOWS\system32\wmasf.dll
2007-10-17 17:23 10,752 ----a-w C:\WINDOWS\system32\WhoisCL.exe
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{8C62C5E2-CFBF-4E9E-8ECF-FDFA81B9A927}]
2004-08-19 15:09 93952 --a------ C:\WINDOWS\system32\dinpu.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F173E53F-E042-49b6-BD46-983E93DA1B17}]
C:\WINDOWS\system32\nse376.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{41C29B07-6F91-4966-91BE-2E2841643C83}
{DB87BFA2-A2E3-451E-8E5A-C89982D87CBF}
{381FFDE8-2394-4F90-B10D-FC6124A40F8C}
{EF99BD32-C1FB-11D2-892F-0090271D4F88}
[HKEY_CLASSES_ROOT\clsid\{41c29b07-6f91-4966-91be-2e2841643c83}]
[HKEY_CLASSES_ROOT\CoolToolBar.IEBarLogic.1]
[HKEY_CLASSES_ROOT\TypeLib\{6B4FA1DD-A353-49F8-A650-79C21D6B4824}]
[HKEY_CLASSES_ROOT\CoolToolBar.IEBarLogic]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-19 15:09 15360]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Smapp"="C:\Program Files\Analog Devices\SoundMAX\SMTray.exe" [2003-01-31 15:49 98304]
"ATIModeChange"="Ati2mdxx.exe" [2001-09-04 15:24 28672 C:\WINDOWS\system32\Ati2mdxx.exe]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2003-01-24 20:00 315392]
"AGRSMMSG"="AGRSMMSG.exe" [2003-02-14 10:59 88107 C:\WINDOWS\AGRSMMSG.exe]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 04:00 132496]
"Salestart(1)"="C:\Program Files\Fichiers communs\DefenseNetSurfage\mc.exe" [2007-11-07 18:12 429056]
"BitDefender Antiphishing Helper"="C:\Program Files\BitDefender\BitDefender 2008\IEShow.exe" [ ]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 14:00 79224]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-19 15:09 15360]
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\
Run Google Web Accelerator.lnk - C:\Program Files\Google\Web Accelerator\GoogleWebAccWarden.exe [2007-07-09 22:24:38]
R0 udzdqlog;udzdqlog;C:\WINDOWS\system32\drivers\jnhliqdo.dat []
R1 MFKGTKEY;MFKGTKEY;C:\WINDOWS\system32\drivers\mfkgtkey.sys [2003-03-26 13:29]
S3 ALiIRDA;Pilote de périphérique infrarouge ALi;C:\WINDOWS\system32\DRIVERS\alifir.sys [2001-08-17 21:49]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bdx REG_MULTI_SZ scan
*Newly Created Service* - PROCEXP90
.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
"2007-11-25 05:19:31 C:\WINDOWS\Tasks\RegistrySmart Scheduled Scan.job"
- C:\Program Files\RegistrySmart\RegistrySmart.exe
- C:\Program Files\RegistrySmart
.
**************************************************************************
catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-03 23:27:43
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2008-01-03 23:29:08
ComboFix-quarantined-files.txt 2008-01-03 22:28:36
ComboFix2.txt 2008-01-03 22:11:52
ComboFix3.txt 2008-01-03 22:02:02
ComboFix4.txt 2008-01-03 21:16:58
.
2007-12-21 16:34:34 --- E O F ---